In a cloud environment, security of an application hosted within the cloud environment, is a great challenge, to organizations, seeking to comply with security guidelines and gain confidence of third party auditors and users. Lack of secure handling practices, at technical or operational level by a cloud service provider, and dependency on web based service and third parties can lead to compromise of confidential information such as credit card, SSN data of customers associated with the application. Due to poor security controls followed by cloud service providers, such compromise of confidential information, could lead to huge financial loss and distrust amongst the customers. In order to combat such security threats, a set of security controls could be given to the customer, to enable the customer to evaluate the security level of the application hosted on the cloud service provider. However, existing cloud service providers are unwilling to share information of cloud resources, systems, and of outgoing information. As a result, it is difficult to measure a security level of the application hosted on such cloud service providers' systems.
Hence, there is a need for a new method and system for effectively calculating a security level of the application hosted in the cloud environment. The alternative method must provide a set of tailored security controls and security metrics for the application, and means for probing the cloud environment for values of the set of security metrics. Further, the alternative method must enable calculation of the security level of the application hosted on the cloud environment from the values of the set of security metrics and the tailored set of security controls.
Thus a unique system and method for calculating the security index of the application hosted on the cloud environment is proposed.